Many companies in the space industry lack cybersecurity expertise and may be ill prepared to prevent or respond to attacks. Credit: Symantec

Richard Leshner, vice president of government and regulatory affairs at Planet Federal, said space entrepreneurs need to better understand cybersecurity threats.

WASHINGTON — Satellites and their ground infrastructure have become targets for hackers and other cyber criminals, experts warn. But many emerging companies in the space industry lack cybersecurity expertise and may be ill prepared to prevent or respond to attacks, warned Richard Leshner, vice president of government and regulatory affairs at Planet Federal.

Planet Federal is a subsidiary of Planet, an Earth observation company that operates about 150 imaging satellites.

Speaking Jan. 30 at the 2020 Commercial Space Transportation Conference, Leshner said there is a gulf between the space and the cybersecurity sectors and that everyone would benefit from closer collaboration.

Leshner recalled that during a workshop on commercial remote sensing regulations hosted by the National Oceanic and Atmospheric Administration, it became apparent neither the cybersecurity nor the space experts in the room knew much about each others’ business.

Officials from the Commerce Department’s National Institute of Standards and Technology — the agency that develops cybersecurity standards for different industries — had a “real desire to know more about our business,” said Leshner.

The entrepreneurs who create space businesses tend to have deep backgrounds and technical expertise in space, he said. “What doesn’t exist is something that enables, as that company grows, to learn from experts about the nature and source of new and different threats.”

The space industry needs to get up to speed on cybersecurity, Leshner said. “Where are these new threats coming from? What do they look like?” Companies need to get ahead of these threats “in ways that enable them to be proactive and not responsive to appropriately hair-on-fire regulators,” said Leshner. A key concern of governments, for example, is to make sure space companies protect their satellite ground stations.

Rather than just requiring companies to comply with a checklist of regulations, government agencies could also help educate the industry on how to prepare and prevent attacks, he said. “If we can move from the checklist reactive model to a collaborative information sharing proactive model, that would be very welcome.”

Kile Thompson, global compliance counsel at Spire, said the threat of cyber intrusions to satellite constellations is real.

“This is something that we take incredibly seriously,” Thompson said at the conference. “We have encrypted downlinks and we build technology into our satellites so we have situational awareness of them at all times,” he said. “We do work with some public agencies on this.”

There are concerns that criminals could break into ground stations and try to take control of satellites, said Thompson. “We make sure our satellites respond only to proper signals.”

A recent study by the Aerospace Corp. said the vulnerability of satellites and other space assets to cyber attacks is “often overlooked in wider discussions of cyber threats to critical national infrastructure.”

In response to these concerns, space companies last year formed a Space Information Sharing and Analysis Center, or Space ISAC, to share intelligence on cyber threats. The group said it plans to start operations this spring with the launch of an unclassified portal where companies can share and analyze cybersecurity information.